Risk at the Center

People in risk are a critical component

The risk discipline provides a foundation for helping an organization address uncertainty as it drives toward objectives.

Integrating risk management into an overall GRC capability ensures that these activities are aligned with business objectives, strategies, compliance management, legal, finance, IT and culture; and that they are audit-ready.

Audit at the Center

People in audit are a critical component

The audit discipline provides a foundation to provide assurance to management, the board and other stakeholders that the organization is achieving objectives, addressing uncertainty and acting with integrity.

Integrating audit into an overall GRC capability ensures that these activities are aligned with business objectives, strategies, risk management, compliance management, legal, finance, IT and culture.

Compliance at the Center

People in compliance are a critical component

The compliance discipline provides a foundation for helping an organization act with integrity and stay within boundaries as it drives toward objectives. Mandated boundaries include laws, rules and regulations. Voluntary boundaries include organization values, contracts and other promises it makes with customers, employees and society.

Integrating compliance into an overall GRC capability ensures that these activities are aligned with business objectives, strategies, risk management, legal, finance, IT and culture; and that they are audit-ready.

Ethics & Culture at the Center

People in HR, human capital management, talent management or lines of business are responsible for developing a culture of character and ethics.

Integrating culture and ethics into an overall GRC capability ensures that all other activities are conducted in an environment where people are aligned toward the general interests of the organization and society.

IT & Security at the Center

The IT discipline provides a foundation to provide integrity and security around important information assets; and to provide technology to enable other GRC activities.

Integrating IT into an overall GRC capability ensures that these activities are aligned with business objectives, strategies, risk management, compliance management, legal, finance, IT and culture; and that they are audit-ready.